Thor. Skrevet 29. november 2007 Del Skrevet 29. november 2007 Windows xp norsk 32 bits sp2 Etter en vanlig avslutning av maskinen igår våknet jeg med et herpet system som jeg gjerne vil skal vare bittelitt lengre. Følgende fikk jeg problemer med idag: Lyddriveren er borte Begrenset adgang til enhetsbehandling som lar meg behandle drivere Brukerkontoen min er begrenset (ser slik ut) Jeg har windows 98 utseende på nesten hele maskinen (byttet tilbake manuelt) Mangler brukerkontoikon øverst på start-menyen. Avg's mailscanner (som ikke er særlig viktig) er deaktivert og ute av drift Har ikke kommet over flere begrensninger men de har nesten sikkert en sammenheng med denne meldingen Minner meg om sasser så lastet ned en sasser fix fra microsoft.com som bare kræsjer og sier bare at jeg skal åpne en feilsøkingsside. På den siden står det info om forskjellige feilkoder men jeg fikk ingen feilkode. Jeg kjører nå avg free og spybot. begge oppdaterte i håp om å finne noe som viser tegn til virus/spyware. Jeg kan også tro at det er systemet som er skadet og ikke noe virus. For sist maskinen var på fikk jeg meldinger om at explorer kræsja. Den kom hver gang jeg startet den (den meldingen ble borte når jeg kom hjem igjen). Tok en runde med nanoscan og den fant to dll's. En i "C:\Programfiler\ActivationManager" kalt ActivationManager.dll og en i "C:\Programfiler\ADSTechnology" kalt ADSTechnology.dll. Klarer dere å se hva som er i veien med systemet? Hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 16:24:58, on 29.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\Notebook Hardware Control\nhc.exe C:\Programfiler\Rapiddown\rapget.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE C:\Programfiler\Xfire\xfire.exe C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe C:\Programfiler\uTorrent\uTorrent.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\eBoostr\EBstrSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\UPHClean\uphclean.exe C:\Programfiler\Opera\Opera.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Winamp\winamp.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe C:\Programfiler\WinRAR\WinRAR.exe C:\DOCUME~1\Thor\LOKALE~1\Temp\Rar$EX00.906\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ADSTechnology Class - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Programfiler\ADSTechnology\ADSTechnology.dll O2 - BHO: ActivationManager Class - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Programfiler\ActivationManager\ActivationManager.dll O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\Programfiler\Rapidown\rapi310.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Programfiler\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [Rapget] C:\Programfiler\Rapiddown\rapget.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\xfire.exe O4 - Startup: µTorrent.lnk = C:\Programfiler\uTorrent\uTorrent.exe O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programfiler\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE O4 - Global Startup: eBoostr Control Panel.lnk = C:\Programfiler\eBoostr\eBoostrCP.exe O8 - Extra context menu item: Download all by Rapidown... - C:\Programfiler\Rapidown\rapidownGetAll.htm O8 - Extra context menu item: Download by Rapidown... - C:\Programfiler\Rapidown\rapidownGet.htm O8 - Extra context menu item: Download with Rapget - C:\Programfiler\Rapiddown\rapget.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programfiler\Rapidown\rapidown.exe (file missing) O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Programfiler\Rapidown\rapidown.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programfiler\Fellesfiler\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194037773812 O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - C:\Programfiler\eBoostr\EBstrSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Lenke til kommentar
norbat Skrevet 29. november 2007 Del Skrevet 29. november 2007 Det ligger en søke hijacker der, men prøv med en systemgjenoppretting til før dette oppsto. Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Du må ikke klikke på vinduet mens programmet kjører. Post loggfilen fra combofix (c:\combofix.txt) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå